Tag: phishing
-
Nikkei-Daten über Slack-Konto eines Mitarbeiters geleakt
Tags: access, computer, cyberattack, data-breach, finance, hacker, mail, password, phishing, ransomware, usa, virusEin kompromittierter Rechner und schon hatten Kriminelle alles Nötige, um auf Nikkeis Slack-Plattform zuzugreifen.Unbefugte hatten Zugang zur Messaging-Plattform Slack von Nikkei, einem der größten Medienkonzerne weltweit, zu dem unter anderem die Financial Times gehört. Wie das Unternehmen bekannt gab, wurden dabei möglicherweise Daten von über 17.000 Mitarbeitenden und Geschäftspartnern gestohlen.Darunter können sich Namen, E-Mail-Adressen und…
-
Verdacht des systematischen Missbrauchs von Zahlungsdienstleistern
Tags: credit-card, cybercrime, finance, fraud, germany, mail, north-korea, password, phishing, softwareDie Beschuldigten sollen zur Abwicklung von Zahlungen vier große deutsche Zahlungsdienstleister kompromittiert haben.Bei der Razzia gegen mutmaßliche Betrugs- und Geldwäschenetzwerke auf drei Kontinenten sind auch 29 Objekte in Deutschland durchsucht worden. In Baden-Württemberg, Bayern, Berlin, Hessen, Rheinland-Pfalz, Sachsen, Hamburg und Schleswig-Holstein waren mehr als 250 Einsatzkräfte im Einsatz, wie das Bundeskriminalamt (BKA) und andere Behörden…
-
Verdacht des systematischen Missbrauchs von Zahlungsdienstleistern
Tags: credit-card, cybercrime, finance, fraud, germany, mail, north-korea, password, phishing, softwareDie Beschuldigten sollen zur Abwicklung von Zahlungen vier große deutsche Zahlungsdienstleister kompromittiert haben.Bei der Razzia gegen mutmaßliche Betrugs- und Geldwäschenetzwerke auf drei Kontinenten sind auch 29 Objekte in Deutschland durchsucht worden. In Baden-Württemberg, Bayern, Berlin, Hessen, Rheinland-Pfalz, Sachsen, Hamburg und Schleswig-Holstein waren mehr als 250 Einsatzkräfte im Einsatz, wie das Bundeskriminalamt (BKA) und andere Behörden…
-
Digital health can’t scale if cybersecurity falls behind
Tags: access, ai, attack, breach, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, detection, encryption, endpoint, exploit, framework, GDPR, governance, government, healthcare, HIPAA, identity, infection, intelligence, malicious, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, strategy, technology, threat, training, virus, vulnerability, zero-trustThe unique vulnerabilities of AI systems: Traditional security frameworks are not enough for AI. Attacks on algorithms take subtler forms. I often explain to my clients that when you corrupt data, you corrupt intelligence. Data poisoning occurs when malicious data is inserted into the training process, teaching the AI to make wrong decisions later. Imagine…
-
Digital health can’t scale if cybersecurity falls behind
Tags: access, ai, attack, breach, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, detection, encryption, endpoint, exploit, framework, GDPR, governance, government, healthcare, HIPAA, identity, infection, intelligence, malicious, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, strategy, technology, threat, training, virus, vulnerability, zero-trustThe unique vulnerabilities of AI systems: Traditional security frameworks are not enough for AI. Attacks on algorithms take subtler forms. I often explain to my clients that when you corrupt data, you corrupt intelligence. Data poisoning occurs when malicious data is inserted into the training process, teaching the AI to make wrong decisions later. Imagine…
-
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. >>Another…
-
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. >>Another…
-
New Phishing Campaign Targets Travelers via Compromised Hotel Booking.com Accounts
Cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits compromised hotel booking accounts to defraud travellers worldwide. The campaign, which has been active since at least April 2025, leverages stolen credentials from hotel administrators to impersonate legitimate Booking.com communications and direct unsuspecting customers toward fraudulent billing pages. Security analysts from Sekoia.io, in partnership with…
-
New Phishing Campaign Targets Travelers via Compromised Hotel Booking.com Accounts
Cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits compromised hotel booking accounts to defraud travellers worldwide. The campaign, which has been active since at least April 2025, leverages stolen credentials from hotel administrators to impersonate legitimate Booking.com communications and direct unsuspecting customers toward fraudulent billing pages. Security analysts from Sekoia.io, in partnership with…
-
What keeps phishing training from fading over time
When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/07/research-phishing-training-effectiveness/
-
Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine
A previously unknown threat activity cluster has been observed impersonating Slovak cybersecurity company ESET as part of phishing attacks targeting Ukrainian entities.The campaign, detected in May 2025, is tracked by the security outfit under the moniker InedibleOchotense, describing it as Russia-aligned.”InedibleOchotense sent spear-phishing emails and Signal text messages, containing a link First seen on thehackernews.com…
-
“I Paid Twice” Phishing Campaign Targets Booking.com
Experts have uncovered large-scale phishing exploiting Booking.com, Airbnb and Expedia accounts, targeting hotels and customers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/i-paid-twice-phishing-campaign/
-
“I Paid Twice” Phishing Campaign Targets Booking.com
Experts have uncovered large-scale phishing exploiting Booking.com, Airbnb and Expedia accounts, targeting hotels and customers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/i-paid-twice-phishing-campaign/
-
Mehr KI, mehr Phishing, weniger Vertrauen – Verbraucher fordern KI-Regulierung und stärkere Authentifizierung
First seen on security-insider.de Jump to article: www.security-insider.de/vertrauensverlust-ki-sicherheitsbedenken-regulierung-a-68897b91bef06ce078f3ea466a431989/
-
UNK_SmudgedSerpent Targets Academics With Political Lures
A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/unksmudgedserpent-targets-academics/
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. Key takeaways: Tenable Research has discovered multiple new and persistent vulnerabilities in OpenAI’s ChatGPT that could allow an attacker to exfiltrate private information from users’ memories and…
-
APT60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
APT60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials
Seqrite Labs’ APT Team has documented fresh campaigns from Silent Lynx, a sophisticated threat actor group known for orchestrating spear-phishing operations that impersonate government officials to target diplomatic and governmental employees across Central Asia. The group, also tracked under aliases including YoroTrooper, Sturgeon Phisher, and Cavalry Werewolf, continues its espionage-focused activities with minimal operational security…
-
NDSS 2025 The Philosopher’s Stone: Trojaning Plugins Of Large Language Models
Tags: attack, conference, control, data, defense, exploit, LLM, malicious, malware, network, open-source, phishing, spear-phishingSESSION Session 2A: LLM Security Authors, Creators & Presenters: Tian Dong (Shanghai Jiao Tong University), Minhui Xue (CSIRO’s Data61), Guoxing Chen (Shanghai Jiao Tong University), Rayne Holland (CSIRO’s Data61), Yan Meng (Shanghai Jiao Tong University), Shaofeng Li (Southeast University), Zhen Liu (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University) PAPER The Philosopher’s Stone:…
-
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors
Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus.According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised hosts that uses OpenSSH in conjunction with a customized Tor hidden service that employs…